Crypto Scammers Targeting MetaMask Users Exploit Government Website URLs

in #hive-167922last year

Increasing scams in the crypto space is continuously harassing its users. In order to mislead users and gain unauthorized access to their digital assets, hackers are actively using advanced technic. MetaMask, which has become the main target of hackers, works on the Ethereum blockchain and is very popular among users as an Ethereum crypto wallet, although there are many other Ethereum-based-crypto wallets. Surprisingly, these scammers are using URLs of various government websites from India, Brazil, Egypt, Nigeria, Vietnam, Colombia, and other jurisdictions to steal digital assets of unknown people. The URLs of the fake websites created by scammers do not exactly match the official URL of MetaMask but are completely similar in its design. This is where people get cheated. Many people do not even check the websites URL. Users are redirected to fake MetaMask websites, where they accidentally share their personal data with the scammers, thereby losing their digital assets.

Source

Hacker Technique Has Shocking Effect

Boasting over 21 million monthly active online users, MetaMask plays a key role in facilitating decentralized finance (DeFi) and non-fungible token (NFT) transactions. However, the growing popularity of MetaMask attracted scammers seeking unauthorized access to users' digital wallets by exploiting vulnerabilities in Web3 technologies. In the latest scheme, various government website URLs are used by scammers to redirect users to fake MetaMask sites, where they can obtain sensitive data to gain access to crypto wallets. Users generally trust everything related to government bodies, so scammers took this into account in the new scheme.

Scammers embed spam links within government site URLs to lure users. As soon as they click on the link, they are taken to the fake MetaMask website. Microsoft Defender and its security firewall constantly warn users to update their security systems, so they can prevent potential phishing attacks. However, some users may help scammers exploit their systems by ignoring security firewall warnings. By doing so, they may lose their virtual currencies.

When users access the fraudulent website, they receive a clone of the official MetaMask website. However, they fail to identify whether it is real or not. Websites created by scammers encourage users to connect their MetaMask wallets in order to receive various services. Websites created by scammers look identical to legitimate websites except for their URLs. Investors visit these fake websites and fall prey to this scam. By linking MetaMask to fake sites, users may lose control over virtual assets, resulting in huge financial losses.

Source

The MetaMask Team has issued statement

Recognizing the seriousness of this growing threat, they are actively working to update their security systems to detect and prevent it. To identify and remove these threats, MetaMask will incorporate metadata, indicators, techniques, strategies and procedures (TTP) into its detection systems. They hope to prevent users from accessing these fraudulent websites.

“By adding these current methods (metadata, indicators, TTPs, etc.) to our detection engines, we hope to detect and remove these attacks as they launch, or at least minimize exposure before they reach users.”

Protecting yourself from MetaMask scams

To protect virtual assets from these emerging threats, users should take the following steps as recommended by MetaMask and cyber security professionals:

  1. Fake website URLs do not match valid website URLs. Therefore users should verify the authenticity of the unfamiliar website before clicking on the link.

  2. Any suspicious request that asks for a seed phrase or private key via email or other communication, you should avoid as MetaMask will never ask for these things.

  3. Users should be aware that scammers create new URLs that closely mimic the address of the official site. Therefore, they should double-check the site's URL before sending any sensitive data.

  4. Today online threats are rapidly evolving. Therefore, you need to collect the latest information about cryptocurrency scams, so that you can update your security systems accordingly to protect virtual assets from these threats.

  5. How many users report to MetaMask when they are victims of fraud? A few years ago, while sending some tokens from my MetaMask wallet to a decentralized exchange, I encountered a bug in MetaMask. The payee address was not appearing in the account. I first contacted the exchange, they said it was a bug in MetaMask. Upon contacting MetaMask, they identified it as a bug and said it would be fixed in the next update. However, this was not a threat of a spam.

  6. For added security, hardware wallets can be used with MetaMask to store large amounts of cryptocurrency.

If someone has stolen your seed phrase, you should stop using the wallet associated with it. You will need to create a new recovery phrase for the new wallet account. Extreme security and vigilance can protect your digital wallet from growing online threats.

Conclusion

Although there are huge opportunities in the crypto sector, it also comes with various risks, including scams and fraud. In a recent incident, MetaMask users are being targeted by scammers using government URLs. Such an incident reminds users of the importance of being vigilant and updating security systems. Users can better protect their digital assets by following recommended security measures. However, you should also report new suspicious activity to MetaMask if you spot it in the growing landscape of Web3 technology.

Source

Posted Using LeoFinance Alpha

Sort:  

Thanks good share good info

Obrigado por promover a comunidade Hive-BR em suas postagens.

Vamos seguir fortalecendo a Hive

Metade das recompensas dessa resposta serão destinadas ao autor do post.

Vote no @perfilbrasil para Testemunha Hive.